CVE-2026-23744
published 2026-01-16CVE-2026-23744: MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE)…
PriorityP190critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEVInitial access
Exploited in the wild
EPSS
38.37%
98.4th percentile
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mcpjam | inspector | < 1.4.3 | 1.4.3 |
| mcpjam | inspector | <= 1.4.2 | — |
| mcpjam | inspector | >= 0 < 1.4.3 | 1.4.3 |
Detection & IOCsextracted from sources · hover to see the quote
other{"serverConfig":{"timeout":10000,"command":"curl","args":["{{interactsh-url}}"],"env":{}},"serverId":"mymcp"}↗
- →Detect exploitation attempts by monitoring for POST requests to /api/mcp/connect with a JSON body containing 'command' and 'args' fields, which are used to trigger arbitrary OS command execution. ↗
- →A successful exploitation attempt returns HTTP 500 with a JSON body containing both 'Connection failed for server' and 'MCP error' strings. ↗
- →Monitor for out-of-band DNS/HTTP callbacks (OAST) triggered from the MCPJam Inspector process, as the PoC payload uses curl to beacon out to an attacker-controlled host. ↗
- →MCPJam Inspector listens on 0.0.0.0 by default, making it reachable from any network interface. Alert on unexpected inbound connections to the MCPJam Inspector port from non-loopback addresses. ↗
- ·The vulnerability only requires unauthenticated network access (CWE-306: Missing Authentication). No credentials or prior access are needed, making any internet- or LAN-exposed MCPJam Inspector instance immediately exploitable. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa9.4CRITICAL
osv9.4CRITICAL
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
REC in MCPJam inspector due to HTTP Endpoint exposes
ghsa·2026-01-16·CVSS 9.4
CVE-2026-23744 [CRITICAL] CWE-306 REC in MCPJam inspector due to HTTP Endpoint exposes
REC in MCPJam inspector due to HTTP Endpoint exposes
### Summary
MCPJam inspector is the local-first development platform for MCP servers. The Latest version Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE.
This vulnerability is similar to CVE-2025-49596, but more severe. While CVE-2025-49596 requires tricking a user into clicking a malicious link, this vulnerability is exploitable with no user interaction. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request.
### Details
MCPJam inspector binds to `0.0.0.0` making its HTTP APIs remotely reac
OSV
REC in MCPJam inspector due to HTTP Endpoint exposes
osv·2026-01-16·CVSS 9.4
CVE-2026-23744 [CRITICAL] REC in MCPJam inspector due to HTTP Endpoint exposes
REC in MCPJam inspector due to HTTP Endpoint exposes
### Summary
MCPJam inspector is the local-first development platform for MCP servers. The Latest version Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE.
This vulnerability is similar to CVE-2025-49596, but more severe. While CVE-2025-49596 requires tricking a user into clicking a malicious link, this vulnerability is exploitable with no user interaction. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request.
### Details
MCPJam inspector binds to `0.0.0.0` making its HTTP APIs remotely reac
VulnCheck
mcpjam inspector Missing Authentication for Critical Function
vulncheck·2026·CVSS 9.8
CVE-2026-23744 [CRITICAL] mcpjam inspector Missing Authentication for Critical Function
mcpjam inspector Missing Authentication for Critical Function
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.
Affected: MCPJam MCPJam Inspector
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://tracker.crowdsec.net/cves/CVE-2026-23744; https://das
No detection rules found.
Nuclei
MCPJam Inspector - Remote Code Execution
nuclei·CVSS 9.8
CVE-2026-23744 [CRITICAL] MCPJam Inspector - Remote Code Execution
MCPJam Inspector - Remote Code Execution
MCPJam inspector is the local-first development platform for MCP servers. The Latest version 1.4.2 and earlier are vulnerable to a remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE.
Template:
id: CVE-2026-23744
info:
name: MCPJam Inspector - Remote Code Execution
author: Louay-075
severity: critical
description: |
MCPJam inspector is the local-first development platform for MCP servers. The Latest version 1.4.2 and earlier are vulnerable to a remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE.
impact: |
An unauthenticated at
Greynoiseio
NoiseLetter March 2026
blogs_greynoiseio
NoiseLetter March 2026
Events, events… and yes, even more events. 🌍 GreyNoise has been on the move. March kept us busy with stops at eCrimes in London and SecIT in Hanover—but we’re just getting started. Over the next few months, we’ll be hitting the road for CrowdStrike CrowdTours across eight cities, heading to Glasgow to speak and sponsor CyberUK, and making our way to Tampa for H-ISAC. If you’ll be at any of these (or nearby), we’d love to connect.
And while we’ve been racking up miles, we haven’t slowed down on the research front. We’ve just released some exciting new findings—with even more coming in the next few weeks—so keep an eye out.
Thanks, as always, for being part of the GreyNoise community.
Featured
About this new report
Every enterprise firewall processes traffic from residential IP space. T
Wiz
CVE-2026-23744 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-23744 [CRITICAL] CVE-2026-23744 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23744 :
JavaScript vulnerability analysis and mitigation
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.
Source : NVD
## 9.8
Score
Published January 16, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
JavaScript
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS)
2026-01-16
Published
Exploited in the wild